Consumers and businesses face a growing tide of malicious software that threatens the stability and performance of their computers and the security of their data. Computer programmers with malicious motivations have created and continue to create viruses, Trojan horses, worms, and other programs (collectively known as “malware”) in an attempt to compromise computer systems.
Many security software companies attempt to combat malware by creating and deploying malware signatures. These signatures may match patterns observed in malware code and/or malware behavior. However, malware authors may regularly modify their malware in an attempt to circumvent commonly employed signature-based malware-detection mechanisms. In particular, in an attempt to evade detection, malware authors may refine malware such that it becomes difficult to distinguish from legitimate programs.
Accordingly, security software companies may face serious tradeoffs. Each new malware signature poses the risk of generating a false positive (i.e., incorrectly classifying legitimate software as malware). False positives can be particularly disruptive to consumers and businesses when security software takes action against legitimate software. On the other hand, false negatives may allow malware to pass undetected.
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for trichotomous malware classification.